Update management involves applying Solaris updates, also referred to as patches, to a system. Update management might also involve removing unwanted or faulty updates. Removing updates is also called backing out updates.
This section covers the following topics:
For information about applying patches to diskless client systems, see “Patching Diskless Client OS Services” in System Administration Guide: Basic Administration.
For information about recommended strategies and practices for using Solaris updates, see Solaris Patch Management Recommended Strategies at http://docs.sun.com/app/docs/coll/1078.1.
An update is a collection of files and directories that replaces or updates existing files and directories that are preventing proper execution of the existing software. An update might also introduce a new feature to the system. Such an update is called a feature update. The existing software is derived from a specified package format, which conforms to the application binary interface (ABI).
You can manage updates on your Solaris system by using the Update Manager application, the smpatch command, or the patchadd command.
Do not use the Update Manager GUI, the smpatch command, and the patchadd command simultaneously to manage updates on your system. While the Update Manager GUI is running, changes made by smpatch and patchadd might not be reflected correctly in Update Manager.
A signed update is one that has a digital signature applied to it. An update that has its digital signature verified has not been modified since the signature was applied. The digital signature of a signed update is verified after the update is downloaded to your system.
Updates and patches for Solaris releases are available as signed updates and as unsigned updates. Unsigned updates do not have a digital signature.
Signed updates are stored in JavaTM archive format (JAR) files and are available from the Sun update server. Unsigned updates are stored in directory format and are also available from the Sun update server as .zip files.
Sun customers can access updates and patches from the Sun update server whether or not they are in the SunSpectrumSM program. These updates and patches are updated nightly.
You can obtain Solaris updates in the following ways:
From the http://sunsolve.sun.com web site
To access updates from the Sun Patch Portal, your system must be connected to the Internet and be capable of running a web browser, such as the MozillaTM software.
By using the Update Manager tools that are described in Chapter 4, Managing Solaris Updates by Using the Update Manager GUI
By using the Sun Update Connection Hosted web application that is described in Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface
You can access individual updates or a set of updates from an update cluster, or refer to update reports. You can also use Update Manager to analyze your system to determine the appropriate updates. Update Manager can also download and apply the updates to your system.
Each update is associated with a README file that has information about the update. You can view, print, or save each README file from the Update Manager GUI.
Updates are identified by unique update IDs. An update ID is an alphanumeric string that is an update base code and the update revision number joined with a hyphen. For example, update 118822-02 is the update ID for the SunOSTM 5.10 kernel update.
You can use the following tools to apply updates to Solaris systems:
Sun Update Connection System tools:
Update Manager graphical user interface (GUI)
Sun Update Connection Hosted web application
Update Manager command-line interface (smpatch)
patchadd command
Solaris Management Console (smc) Patches tool (GUI, starting with Solaris 9)
If you need to apply a patch to a diskless client system, see “Patching Diskless Client OS Services” in System Administration Guide: Basic Administration.
The Update Manager application is part of the Sun Update Connection System software product. The Sun Update Connection Hosted web application is also part of this software product.
The following table summarizes the availability of various Solaris update management tools.
Table 1–2 Availability of Solaris Update Management Tools
Tool Availability |
Update Manager and Sun Patch Manager 2.0 |
Sun Update Connection System |
patchadd/ patchrm Commands |
Solaris 2.6 and Solaris 7 Patch Management Tools |
---|---|---|---|---|
How do I get this tool? |
For Solaris 10 – Apply the Update Manager feature update. For Solaris 8 or Solaris 9 – Download the appropriate version of the Patch Manager tool from the Sun Download Center web site. |
Run tool from the Sun Update Connection System web site. |
Included with the Solaris release. |
Download the tool from the Sun Download Center. |
Solaris release availability |
For Solaris 10 – Update Manager. For Solaris 8 and Solaris 9 – Sun Patch Manager 2.0. |
Solaris 10. |
Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 releases. |
Solaris 2.6 and Solaris 7 releases. |
Applies signed updates? |
Yes, and automatically verifies the signed update when it is downloaded. |
Yes |
Starting with Solaris 9 12/03 – Yes, and automatically verifies the signed update when it is downloaded. |
Yes, and automatically verifies the signed update when it is downloaded. |
Applies unsigned updates? |
For Update Manager – No. For Sun Patch Manager 2.0 – Yes, but the updates must be unzipped first. |
Yes |
Yes |
No |
GUI available? |
For Solaris 10 – Yes, for systems running Update Manager. For Solaris 9 – Yes, for systems running Patch Manager (smc). For Solaris 8 – No. |
Web application is hosted at Sun. |
No |
No |
Analyzes system to determine the appropriate updates, and downloads signed or unsigned updates |
Yes, signed updates only. |
Yes |
No |
Yes, signed updates only. |
Local and remote system update support |
Local and remote. For Solaris 8 – Local. |
Remote |
Local |
Local |
RBAC support? |
For Update Manager – No. For smpatch – Yes. |
Not applicable |
Yes |
No |
While you apply updates, the patchadd command logs information in the /var/sadm/patch/update-id/log file.
The patchadd command cannot apply an update under the following conditions:
The package is not fully installed on the system.
The update package’s architecture differs from the system’s architecture.
The update package’s version does not match the installed package’s version.
An update with the same base code and a higher revision number has already been applied.
An update that makes an applied update obsolete.
The update is incompatible with an update that has already been applied to the system.
The update being applied depends on another update that has not yet been applied.
You can use several different methods to download or apply one or more updates to your system. Use the following table to determine which method is best for your needs.
The version of the smpatch command described in this table was first available for Solaris 8 systems.
Command or Tool |
Description |
For More Information |
---|---|---|
Update Manager GUI |
Use this tool when you want the convenience of a GUI to manage updates. Following are some features of this GUI:
|
Chapter 4, Managing Solaris Updates by Using the Update Manager GUI |
Sun Update Connection Hosted web application |
Use this web application, which is hosted at Sun, to remotely manage updates on all of your Solaris 10 systems. |
Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface |
smpatch update |
Use this command to analyze your system to determine the appropriate updates, and to automatically download and apply the updates. Note that this command will not apply an update that has the interactive property set. For Solaris 8 systems, only the local mode smpatch is available. |
smpatch(1M) man page |
smpatch analyze and smpatch update |
First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch update to download and apply one or more of the updates to your system. Note that this command will not apply an update that has the interactive property set. For Solaris 8 systems, only the local mode smpatch is available. |
smpatch(1M) man page |
smpatch analyze, smpatch download, and smpatch add |
First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch download to download them. This command also downloads any prerequisite updates. Then, use smpatch add to apply one or more of the updates to your system while the system is in single-user or multiuser mode. For Solaris 8 systems, only the local mode smpatch is available. |
smpatch(1M) man page |
patchadd |
Starting with Solaris 2.6 release – Apply unsigned updates to your system. Starting with Solaris 9 12/03 release – Use this command to apply either signed or unsigned updates to your system. To apply signed updates, you must first set up your package keystore. |
patchadd(1M) man page |
If you choose to use the smpatch command-line interface or the Update Manager graphical user interface to apply updates, see Getting Started With the Sun Update Connection System for additional information that might affect which method you select.